Privacy Policy

Last Updated: March 6, 2024

A.  Scope of this Privacy Policy

This Privacy Policy (“Privacy Policy”) explains how we, Complement Theory (“we,” “us,” or “our”), collect, use, share, or otherwise process information that we collect through our services. These services include, as applicable, our website, mobile application, social media pages, marketing activities, and other activities described in this Privacy Policy, or when other businesses provide us with your personal information (collectively, the “Services”).

This Privacy Policy applies to all Complement Theory Services. We may provide additional or supplemental privacy statements for certain products or services. This Privacy Policy is issued in conjunction with Complement Theory’s Terms of Service (located at: https://clinicaltrial.complement1.com/tnc.html) (the “Terms of Service”), the terms of which are incorporated by reference into this Privacy Policy (collectively, the “Agreement”).

This Privacy Policy describes our privacy practices when we process:

Complement Theory determines the purposes and means of the processing of your personal information as described in this Privacy Policy, and therefore acts as a ‘data controller’ (or equivalent/similar terms under applicable data privacy laws) of such information.

Additionally, given the possibility of Complement Theory collecting Protected Health Information (“PHI”) and/or Personally Identifiable Information (“PII”) as a means of your access to, or Complement Theory’s provision of, the Services, this Privacy Policy further serves as your “Notice”; particularly with respect to how Complement Theory uses, discloses, and protects your PHI and/or PII.

DISCLAIMER: THE INFORMATION AND ADVICE INCLUDED OR OFFERED ON COMPLEMENT THEORY’S WEBSITE, APP, OR AS OTHERWISE PART OF THE SERVICES, IS NOT INTENDED TO BE USED AS MEDICAL ADVICE. NO MATERIALS OR INFORMATION HEREIN ARE INTENDED TO BE A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT. ALWAYS SEEK THE ADVICE OF YOUR PHYSICIAN OR OTHER QUALIFIED HEALTHCARE PROVIDER WITH ANY QUESTIONS YOU MAY HAVE REGARDING A MEDICAL CONDITION OR TREATMENT.

By using the Services, you explicitly consent to both the Privacy Policy and the Terms of Service. IF YOU DO NOT AGREE TO ABIDE BY THE DATA PRACTICES DESCRIBED IN THIS PRIVACY POLICY OR TO THE TERMS SPECIFIED IN THE TERMS OF SERVICE, THEN PLEASE CLOSE YOUR BROWSER OR APP IMMEDIATELY AND DO NOT USE OR ACCESS THE SERVICES.

B.  The Complement Theory Platform/Services

The Complement Theory Platform and your personal information

When we say “platform”, we mean that when you choose to share data with us, or bring over information from third parties, Complement Theory uses that data together as part of, and as a means to provide, the Services. The personal information we use in this centralized way may relate to you as an end user of our Services or as an employee or contractor of a Complement Theory customer whose personal information has been included in the Complement Theory Platform.

Personal information we collect

The personal information that we collect or otherwise receive about you depends on the context of your interactions with Complement Theory, how you configure your account, the Services you request, and the choices you make, including your privacy settings. The way we process your personal information may also depend on the particular Services, functionalities, or experiences you use, your location, and applicable law.

Information you provide to us

You may provide us with your personal information as follows:

Automatic data collection

We, our service providers, and our business partners may automatically log personal information about you, your computer or mobile device, and your interaction over time with the Services, such as:

Cookies and similar technologies

C. How We Use Personal Information

We may use your personal information in a number of ways or as otherwise described at the time of collection:

Service delivery and operations

We may use your personal information to:

Research and development

‍We may use your personal information to:

Marketing and advertising

‍We, our service providers, and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes to:

Compliance and protection

We may use your personal information to:

Automated processing

To provide you with valuable personalized advice, recommendations, and experiences, we may process your personal information using automated and manual (human) methods. Our automated methods include a range of technologies that help our services learn and reason to improve our ability to personalize and enhance your experience in the Complement Theory Platform.

D. How We Share or Disclose Your Personal Information

Complement Theory does not sell your PII or PHI, and Complement Theory does not disclose your PII or PHI to any third party unless (i) it has received consent from you to do so; or (ii) it is permitted to do so by law.

Complement Theory may share your personal information with third parties in the following circumstances:

For legal reasons

We may share your personal information with third parties for legal reasons without your consent, and as permitted by law, including:

E. Your Personal Information Rights and Choices

Your choices

We believe that you have choices about how we collect, store, and disclose information that pertains to you or your PHI/PII, and, pursuant to state and/or federal law—specifically, the Health Insurance Portability and Accountability Act (“HIPAA”)—you may have additional rights beyond what is listed herein.

We provide all customers with options to manage the privacy of their personal information. For example, you may update your privacy settings by visiting your account settings, and you can edit and correct certain personal information at any time by changing it directly within our Services.

Delete your personal information.

You may ask us to delete your personal information and/or you may opt out of interest-based advertising by visiting your account settings or emailing us at privacy@compthealth.com

Verification

To help protect privacy and the security of your personal information, you may be asked to provide additional information to verify your identity and/or ownership rights before we can fulfill your data rights request. If we cannot verify your identity or your ownership rights to the data, we may not be able to service your request until you provide proper documentation.

Data retention

Unless you specifically ask us to delete your personal information, we retain your personal information as long as it is necessary to comply with our data retention requirements and/or as required by law. Even if you submit a deletion request, we may be required to maintain your personal information for as long as necessary to:

  1. comply with our legal or regulatory compliance needs (e.g., maintaining records of transactions you have made with us);
  2. to exercise, establish, or defend legal claims; and/or
  3. to protect against fraudulent or abusive activity on our service.

This means we may keep different information for different periods. If your account is canceled due to inactivity, we may delete this information immediately.

There may be occasions where we are unable to fully delete, anonymize, or de-identify your personal information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.

State privacy laws

If you are a citizen of the State of, e.g., California, Colorado, Connecticut, Virginia, or Utah, then you may have additional privacy lights that are not listed herein, including, e.g., the right to correction and deletion; the right to access all privacy information of yours that we have collected, etc. You are encouraged to research the privacy rights and protections that may be applicable to you—regardless of your state of domicile—and to stay apprised of such rights.

If you have any explicit questions about such rights or wish to enforce any of your legal rights, please contact us at privacy@compthealth.com with as much specificity and detail as possible, and we would be happy to assist you.

Storage of your data

Your data is stored in the United States using AWS S3 with encryption at rest enabled. Your information may also be stored in Log files on Complement Theory’s server, and Complement Theory’s server discs are encryption-enabled.

Complement Theory reserves the right to store and process your personal information in the United States and in any other country, as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

When we transfer, store, or process personal information outside of your jurisdiction, we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Policy and applicable law.

Some of these recipients of your personal information are located in countries for which the European Commission and/or UK Government (as and where applicable) have issued adequacy decisions, which means that these countries are recognized as providing an adequate level of data protection under applicable UK and/or European data protection laws and the transfer is therefore permitted under Article 45 of the General Data Protection Regulation (GDPR).

Security of your personal information

We use reasonable physical, technical, and organizational safeguards that are designed to protect your personal information. However, despite these controls, we cannot completely ensure or warrant the security of your personal information. 

Changes to our Privacy Policy

From time to time, we may change or update our Privacy Policy. We reserve the right to make changes or updates at any time in our sole discretion. If we make material changes to the way we process your personal information, we may notify you by, e.g., posting a notice within the Complement Theory Platform; by sending you a notification; or by other means consistent with applicable law.

Services are not intended for minors

Our services are not intended for or directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe we may have information from a child, please contact us at privacy@compthealth.com

Liability Waiver

By using our Services, you explicitly agree to the terms herein, and, accordingly, you further agree to release and forever discharge us from any claim whatsoever which arises or may hereafter arise on account of any service rendered or program provided by us to you.

Please e-mail any general or specific inquiries to us at: privacy@compthealth.com